avoid a buffer overrun when loading corrupt soundfonts

addresses #327
derselbst 2018-01-18 14:07:10 +01:00
parent 9806087543
commit 57cbdda39a
2 changed files with 5 additions and 4 deletions


@ -3451,7 +3451,7 @@ fixup_sample (SFData * sf)
int invalid_loops=FALSE;
int invalid_loopstart;
int invalid_loopend, loopend_end_mismatch;
unsigned int sdtachunk_size = sf->samplesize;
unsigned int total_samples = sf->samplesize / FLUID_MEMBER_SIZE(fluid_defsfont_t, sampledata[0]);
p = sf->sample;
while (p)
@ -3464,14 +3464,14 @@ fixup_sample (SFData * sf)
* this is as it should be. however we cannot be sure whether any of sam.loopend or sam.end
* is correct. hours of thinking through this have concluded, that it would be best practice
* to mangle with loops as little as necessary by only making sure loopend is within
* sdtachunk_size. incorrect soundfont shall preferably fail loudly. */
invalid_loopend = (sam->loopend > sdtachunk_size) || (sam->loopstart >= sam->loopend);
* total_samples. incorrect soundfont shall preferably fail loudly. */
invalid_loopend = (sam->loopend > total_samples) || (sam->loopstart >= sam->loopend);
loopend_end_mismatch = (sam->loopend > sam->end);
/* if sample is not a ROM sample and end is over the sample data chunk
or sam start is greater than 4 less than the end (at least 4 samples) */
if ((!(sam->sampletype & FLUID_SAMPLETYPE_ROM) && sam->end > sdtachunk_size)
if ((!(sam->sampletype & FLUID_SAMPLETYPE_ROM) && sam->end > total_samples)
|| sam->start > (sam->end - 4))
{
FLUID_LOG (FLUID_WARN, _("Sample '%s' start/end file positions are invalid,"
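Review bot: The rewritten end bound still leaves the adjacent `sam->start > (sam->end - 4)` test unguarded when `sam->end < 4`; if these fields are unsigned (their comparison against `unsigned int total_samples` suggests so), the subtraction wraps and the check passes for a sample that is too short, so the condition should read `|| sam->end < 4 || sam->start > sam->end - 4`. Whether `sam->end` is an exclusive or inclusive index decides between `>` and `>=` against `total_samples`; that cannot be told from the hunk and deserves a comment either way. The new `total_samples` line would also benefit from a comment naming the unit change that is the whole fix, e.g. `/* samplesize is in bytes; loopend/end are sample indices, so bound them by the sample count, not the byte count */`. fixup_sample starts before and continues after both hunks.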


@ -64,6 +64,7 @@ void fluid_time_config(void);
#define FLUID_POINTER_TO_INT GPOINTER_TO_INT
#define FLUID_INT_TO_POINTER GINT_TO_POINTER
#define FLUID_N_ELEMENTS(struct) (sizeof (struct) / sizeof (struct[0]))
#define FLUID_MEMBER_SIZE(struct, member) ( sizeof (((struct *)0)->member) )
#define FLUID_IS_BIG_ENDIAN (G_BYTE_ORDER == G_BIG_ENDIAN)